Re: Running Web Servers In A Chroot Jail



On Sat, 20 Mar 2010 09:08:03 GMT, markhobley@xxxxxxxxxxxxxxxxxxxxxxxxxxx (Mark Hobley) wrote:

Artist <artist@xxxxxxxxxxxxxxxx> wrote:
So I want to know how important it is to run a web server in a jail, and
how prevalent jailing it is.

It depends on which webserver you are running, and how secure your cgi scripts
are. You probably need to do a code audit to determine this at this time.

Trouble is, how does a newbie know quality from crap information?

I think they're aware of security as an abstract notion, but until
their site gets hacked they don't really focus on the details.

PHP is convenient, but it allows laziness and thus tends to encourage
security breaches.

Running a server in a chroot jail seems like damage containment rather
than prevention, no?

I run http and ftp servers here, both are secure and neither offers any
user/pass logins. Glancing through the logs can be an education.

Grant.